ARTICLE
5 November 2025

Stall No More – Implementing Reg S-P Amendments

WG
Weil, Gotshal & Manges LLP

Contributor

Weil, Gotshal & Manges LLP logo

Founded in 1931, Weil has provided legal services to the largest public companies, private equity firms and financial institutions for more than 90 years. Widely recognized by those covering the legal profession, Weil’s lawyers regularly advise clients globally on their most complex Litigation, Corporate, Restructuring, and Tax, Executive Compensation & Benefits matters. Weil has been a pioneer in establishing a geographic footprint that has allowed the Firm to partner with clients wherever they do business.

Explore Firm Details
In a year marked by a change in administration, the formal withdrawal of proposed rules and the extension of compliance dates for certain adopted rules...
United States Compliance
Christopher Mulligan,Christopher Scully, and David Wohl
Weil, Gotshal & Manges LLP are most popular:
  • within Environment, Technology and Energy and Natural Resources topic(s)
  • in United States

In a year marked by a change in administration, the formal withdrawal of proposed rules and the extension of compliance dates for certain adopted rules, many hoped that the amendments to Regulation S-P (“Reg S-P”) would follow suit. Unfortunately, at this point, that looks to not be the case and many fund sponsors are preparing for implementation.

New Requirements.

In May 2024, the SEC adopted amendments to Reg S-P, which regulates how certain financial institutions handle nonpublic personal information about consumers. Among other things, these amendments require SEC registered investment advisers with $1.5 billion or more in assets under management to take several steps, including (i) developing and implementing an incident response program to detect, respond to, and recover from unauthorized access to or use of customer information and (ii) providing timely notifications to individuals affected by such unauthorized access. 

What this means for advisers.

Covered advisers are required to comply with the amendments by December 3, 2025, which is quickly approaching. Coming into compliance generally requires a review of an adviser's current compliance program to determine whether the firm's incident response plan is sufficient for these purposes (early findings suggest that most RIA compliance programs are insufficient on this front), building out any needed additional policies and procedures, and conducting trainings for firm employees.

Next steps.

Given that many compliance programs reviewed to date have required significant updating, advisers are urged to begin this process as soon as they are able. Please feel free to reach out to your regular Weil team member if you have any questions or need any assistance with this matter as our private funds group and privacy and cybersecurity group have been assisting clients prepare for the upcoming deadline.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Authors
Photo of Christopher Mulligan
Christopher Mulligan
Photo of Christopher Scully
Christopher Scully
Photo of David Wohl
David Wohl
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More